Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-05-2016
Ran by uthmin (2016-05-03 20:26:20)
Running from C:\Users\uthmin\Desktop
Windows 10 Pro (X64) (2016-04-27 18:06:35)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2791196081-3455553443-96247009-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2791196081-3455553443-96247009-503 - Limited - Disabled)
Guest (S-1-5-21-2791196081-3455553443-96247009-501 - Limited - Disabled)
uthmin (S-1-5-21-2791196081-3455553443-96247009-1001 - Administrator - Enabled) => C:\Users\uthmin
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET Smart Security 9.0.377.1 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.377.1 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: جدار الحماية الشخصي ESET (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe Reader X (10.1.7) - Arabic (HKLM-x32\...\{AC76BA86-7AD7-1025-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Ant Download Manager version 0.3.3.beta (HKLM-x32\...\{754CB6A3-3FE2-40DA-9FE5-2864909BD1CC}_is1) (Version: 0.3.3.beta - AntGROUP, Inc.)
Canon MF Toolbox 4.9.1.1.mf17 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf17 - CANON INC.)
Canon MF4010 Series (HKLM\...\{900A29A0-52BA-4a78-8E6C-5F4F821397CE}) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Driver Talent (HKLM-x32\...\{29FE44D7-BC89-4188-8B0E-F6BA073C15A5}_is1) (Version: 6.4.42.136 - OSToto Co., Ltd.)
DriversCloud.com (64 bits) (HKLM\...\{C0B32FDA-5FB1-43F9-9273-E5DC59EE9164}) (Version: 8.0.4.0 - Cybelsoft)
ESET Smart Security (HKLM\...\{EADABD26-1163-4E63-A5CA-CB5D49FD13C7}) (Version: 9.0.377.1 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1177 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.1.1.13 - Intel(R) Corporation) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.2.1.126 - IObit)
Malwarebytes Anti-Malware النسخة 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MEmu (HKLM-x32\...\MEmu) (Version: 2.1.1 - Microvirt)
Microsoft Office Language Pack 2013 - Arabic العربية (HKLM\...\Office15.OMUI.ar-sa) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.10.0-r112342-release - Plays.tv, LLC)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.0-r112326-release - Raptr, Inc)
Readiris Corporate 12 Middle East Edition (HKLM-x32\...\Readiris Corporate 12 Middle East Edition) (Version: - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.107 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
SlimDrivers (HKLM-x32\...\{746AB259-6474-4111-8966-1C62F9A6E063}) (Version: 2.3.1 - SlimWare Utilities, Inc.)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.104 - Synaptics Incorporated)
Viber (HKU\S-1-5-21-2791196081-3455553443-96247009-1001\...\Viber) (Version: 5.1.1.15 - Viber Media Inc)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)
منبه الذاكرين (HKLM-x32\...\منبه الذاكرين) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2791196081-3455553443-96247009-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\uthmin\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0C8E96CF-91A0-4EDB-B8BC-19703F379B4E} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2015-07-10] (Microsoft Corporation)
Task: {1721B862-666C-4F34-ADA2-0F4D97A29970} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Duplicaterecord.js" <==== ATTENTION
Task: {2DC28081-85F7-4058-A9A1-77A9EDC27FE4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {4748DD3C-133F-4BF0-B05E-9C380EC96825} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {5DBD4505-4D34-4F34-881C-B64685AFE22E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {60D3B8D5-F956-49F9-B4C7-78D0B6B06797} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-27] (Google Inc.)
Task: {81568D79-794E-4275-BE71-6A376F357FAA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-27] (Google Inc.)
Task: {8A70F318-A169-4326-9AE4-D175E1AD51B0} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-04-04] (Advanced Micro Devices, Inc.)
Task: {8DB1E666-18F8-493D-AA7F-82046C8687CC} - System32\Tasks\Uninstaller_SkipUac_uthmin => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-01-12] (IObit)
Task: {97190C4F-F30C-4317-8212-150908C9E871} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Drothman-uthmin Drothman => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {9F25FD7B-D8A4-47CA-AFEA-4A6D47DBB9B0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AC4DE593-1CC8-415A-B8A8-C321520EB5AA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B020AAEC-8DAC-4EAC-8D60-0C6BDA049D49} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D27E9A66-9334-4540-9734-D04B004C29A3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {D4A94B4D-EC9D-4232-9130-94D99DD64BBE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FADA5F13-9833-4FEE-93FA-B1FD2188AC65} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_uthmin.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-07-10 13:00 - 2015-07-10 13:00 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-07-10 13:00 - 2015-07-10 13:00 - 02498296 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-07-10 13:00 - 2015-07-10 13:00 - 02498296 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-27 20:19 - 2016-04-27 20:19 - 00959176 _____ () C:\Users\uthmin\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2015-07-10 12:59 - 2015-07-10 12:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 12:59 - 2015-07-10 12:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-07-10 13:00 - 2015-07-10 15:14 - 06579712 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 13:00 - 2015-07-10 15:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-07-10 13:00 - 2015-07-10 15:14 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-28 00:40 - 2016-04-28 00:46 - 00016896 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-04-28 00:40 - 2016-04-28 00:46 - 17535488 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-04-28 00:40 - 2016-04-28 00:46 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-05-01 01:57 - 2016-05-01 02:00 - 10256384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2016-04-27 22:59 - 2016-03-09 11:35 - 00147216 _____ () c:\program files (x86)\ostotosoft\drivertalent\ldrvsvc.dll
2016-04-27 22:59 - 2016-03-09 11:35 - 00186640 _____ () c:\program files (x86)\ostotosoft\drivertalent\CrashCatch.dll
2016-04-27 22:59 - 2016-03-09 11:35 - 00254824 _____ () c:\program files (x86)\ostotosoft\drivertalent\updater\checkupdate.dll
2016-04-27 23:00 - 2016-03-09 11:35 - 00165088 _____ () c:\program files (x86)\ostotosoft\drivertalent\substat.dll
2016-04-27 22:59 - 2016-03-09 11:35 - 00103776 _____ () c:\program files (x86)\ostotosoft\drivertalent\dstudp.dll
2016-04-27 23:00 - 2016-03-09 11:35 - 00117088 _____ () c:\program files (x86)\ostotosoft\drivertalent\udp.dll
2016-04-27 21:36 - 2015-09-21 10:49 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2015-11-24 22:48 - 2015-11-24 22:48 - 00028160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\servicemanager.pyd
2015-11-24 22:46 - 2015-11-24 22:46 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes26.dll
2015-11-24 22:48 - 2015-11-24 22:48 - 00041472 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32service.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_hashlib.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00017920 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32event.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00019968 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32evtlog.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_socket.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ssl.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ctypes.pyd
2015-11-24 22:46 - 2015-11-24 22:46 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom26.dll
2015-11-24 22:48 - 2015-11-24 22:48 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 01980928 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2015-12-07 22:57 - 2015-12-07 22:57 - 00077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 01862144 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 00516608 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 04060160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\select.pyd
2016-04-27 21:36 - 2015-12-23 18:32 - 00355616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2016-04-27 21:36 - 2015-12-23 18:32 - 00190240 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2016-04-27 21:36 - 2015-12-23 18:32 - 00057632 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2016-04-27 16:58 - 2015-04-28 04:07 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2016-04-27 16:58 - 2015-04-28 04:07 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll
2016-04-29 21:18 - 2016-04-13 15:52 - 00095312 _____ () C:\Users\uthmin\AppData\Local\Viber\qfacebook.dll
2016-04-29 21:18 - 2016-04-13 15:52 - 00042064 _____ () C:\Users\uthmin\AppData\Local\Viber\qrencode.dll
2016-04-29 21:18 - 2016-04-13 15:52 - 00016464 _____ () C:\Users\uthmin\AppData\Local\Viber\libEGL.dll
2016-04-29 21:18 - 2016-04-13 15:52 - 01270864 _____ () C:\Users\uthmin\AppData\Local\Viber\libGLESv2.dll
2016-04-29 21:18 - 2016-04-13 15:53 - 00398928 _____ () C:\Users\uthmin\AppData\Local\Viber\imageformats\qsvg.dll
2016-04-29 21:18 - 2016-04-13 15:54 - 00695888 _____ () C:\Users\uthmin\AppData\Local\Viber\QtQuick\Controls\qtquickcontrolsplugin.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2791196081-3455553443-96247009-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-2791196081-3455553443-96247009-1001\...\StartupApproved\StartupFolder: => "Thaker.lnk"
HKU\S-1-5-21-2791196081-3455553443-96247009-1001\...\StartupApproved\Run: => "AntDM"
HKU\S-1-5-21-2791196081-3455553443-96247009-1001\...\StartupApproved\Run: => "antMR"
HKU\S-1-5-21-2791196081-3455553443-96247009-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2791196081-3455553443-96247009-1001\...\StartupApproved\Run: => "Viber"
HKU\S-1-5-21-2791196081-3455553443-96247009-1001\...\StartupApproved\Run: => "Messenger (Yahoo!)"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{33318A96-B2BA-4B5A-9C87-2DE26CD29556}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{5E186D54-E22F-4F30-9ED8-AD1B628EBD77}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{250531EE-8AF3-4AE9-AAF8-ACE368D28225}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{63355FE0-12E1-48C0-9262-3C8F1A382B82}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{524C17C9-A15B-441C-A87B-6DFE0DE36248}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{17D270AE-226A-4398-93AD-11D7F95CB804}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{4577D8F6-0940-472D-A542-682D8439445F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{9E22532F-7D24-4B25-9416-5704B6DDD26C}C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe] => (Allow) C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe
FirewallRules: [UDP Query User{BF6EEF03-54BE-4921-B216-2057EE4C2C72}C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe] => (Allow) C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe
FirewallRules: [{2E68F3AE-2A6E-4AD1-AEC2-E646ED932D08}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [{E2EDB909-077E-4848-A637-47C975A54816}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [{BCADE6ED-822F-46A3-8F4A-95A2DCBF57E9}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
FirewallRules: [{F7F5B3A2-BC8D-4E74-8EAF-0207BB93AD1A}] => (Allow) C:\Program Files\Microvirt\MEmu\MEmu.exe
FirewallRules: [{5CEE10F8-228E-4DBE-95DA-104142EB0CB3}] => (Allow) C:\Program Files\Microvirt\MEmu\MEmu.exe
FirewallRules: [{CFA6D58A-4929-4E17-AA1D-B9E3A890B399}] => (Allow) C:\Program Files\DriversCloud.com\MCDetection.exe
FirewallRules: [{97893686-2FEB-4059-A50B-9560D8F3D823}] => (Allow) C:\Program Files\DriversCloud.com\MCDetection.exe
FirewallRules: [{FD150DF5-47B8-4D99-A879-7D335E1D601B}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{5E432353-CBF5-467F-AB02-33150A8634A6}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{ED73F098-4793-4FBA-A1CD-2D47CEFBA276}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{E13C3EBF-9048-4DEE-A384-0A760FB8EA44}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{AC777494-53A7-403E-9A89-FB2B37BDCC3E}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{A8F9C707-6C69-4BF7-830E-1434F5FBE103}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
==================== Restore Points =========================
28-04-2016 02:35:13 Installed Adobe Reader X (10.1.7) - Arabic.
28-04-2016 14:03:20 Driver Booster : 2nd generation Intel(R) Core(TM) processor family PCI Express Controller - 0101
28-04-2016 15:03:36 مثبت الوحدات النمطية لـ Windows
01-05-2016 02:31:00 Driver Booster : Synaptics PS/2 Port TouchPad
01-05-2016 18:25:34 Installed MF Toolbox
01-05-2016 18:35:12 Installed DriversCloud.com (64 bits)
01-05-2016 21:26:20 Installed Adobe Acrobat XI Pro.
03-05-2016 03:00:43 Removed Adobe Acrobat XI Pro.
03-05-2016 03:11:43 Installed Adobe Acrobat XI Pro.
03-05-2016 03:20:38 Installed Adobe Reader X (10.1.7) - Arabic.
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/03/2016 06:02:29 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.
Error: (05/03/2016 04:13:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Drothman)
Description: فشل تنشيط التطبيق Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI مع حدوث الخطأ: -2144927141 راجع سجل Microsoft-Windows-TWinUI/Operational للحصول على معلومات إضافية.
Error: (05/03/2016 04:13:49 AM) (Source: Winlogon) (EventID: 4005) (User: )
Description: لقد تم إنهاء عملية تسجيل دخول Windows على نحو غير متوقع.
Error: (05/03/2016 03:20:43 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: فشلت "خدمات التشفير" أثناء معالجة استدعاء OnIdentity() الموجود في كائن "كاتب النظام".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (05/03/2016 03:11:50 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: فشلت "خدمات التشفير" أثناء معالجة استدعاء OnIdentity() الموجود في كائن "كاتب النظام".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (05/03/2016 03:05:36 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Drothman)
Description: فشل تنشيط التطبيق Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI مع حدوث الخطأ: -2144927141 راجع سجل Microsoft-Windows-TWinUI/Operational للحصول على معلومات إضافية.
Error: (05/03/2016 03:02:54 AM) (Source: MsiInstaller) (EventID: 11500) (User: Drothman)
Description: Product: Adobe Acrobat XI Pro -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.
Error: (05/03/2016 03:02:53 AM) (Source: MsiInstaller) (EventID: 11500) (User: Drothman)
Description: Product: Adobe Acrobat XI Pro -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.
Error: (05/03/2016 03:02:52 AM) (Source: MsiInstaller) (EventID: 11500) (User: Drothman)
Description: Product: Adobe Acrobat XI Pro -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.
Error: (05/03/2016 03:00:59 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: فشلت "خدمات التشفير" أثناء معالجة استدعاء OnIdentity() الموجود في كائن "كاتب النظام".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
System errors:
=============
Error: (05/03/2016 07:17:26 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}
Error: (05/03/2016 05:50:59 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys
Error: (05/03/2016 04:13:49 AM) (Source: DCOM) (EventID: 10010) (User: Drothman)
Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca
Error: (05/03/2016 04:13:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: تم إنهاء الخدمة Sync Host_Session1 بشكل غير متوقع. حدث هذا 1 مرة. سيتم اتخاذ الإجراء التصحيحي التالي في غضون 10000 مللي ثانية: Restart the service.
Error: (05/03/2016 03:05:39 AM) (Source: DCOM) (EventID: 10010) (User: Drothman)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Error: (05/03/2016 03:05:39 AM) (Source: DCOM) (EventID: 10010) (User: Drothman)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Error: (05/03/2016 03:05:36 AM) (Source: DCOM) (EventID: 10010) (User: Drothman)
Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca
Error: (05/03/2016 03:05:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: تم إنهاء الخدمة Sync Host_Session1 بشكل غير متوقع. حدث هذا 1 مرة. سيتم اتخاذ الإجراء التصحيحي التالي في غضون 10000 مللي ثانية: Restart the service.
Error: (05/03/2016 02:50:20 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: Drothman)
Description: 0x8000002a115\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-2791196081-3455553443-96247009-1001-0-ntuser.dat
Error: (05/03/2016 02:50:08 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: Drothman)
Description: 0x8000002a115\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-2791196081-3455553443-96247009-1001-0-ntuser.dat
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 63%
Total physical RAM: 4043.86 MB
Available physical RAM: 1456.76 MB
Total Virtual: 5451.86 MB
Available Virtual: 2609.11 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:109.52 GB) (Free:68.02 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (كلية+برامج) (Fixed) (Total:156.74 GB) (Free:40.56 GB) NTFS
Drive f: (شخصي) (Fixed) (Total:199.16 GB) (Free:84.83 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0A80CABD)
Partition 1: (Active) - (Size=109.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=156.7 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=199.2 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================